Cyber-attack on NYT highlights vulnerabilities

Hey there, time traveller!This article was published 29/8/2013 (1197 days ago), so information in it may no longer be current.

THE takedown of the New York Times website for nearly two days this week exposed how easily computer hackers can exploit the Internet's Achilles heel.

As the website was being restored Wednesday, the tech industry scurried to assess the high-profile cyber-attack and weigh what measures could be taken to prevent a similar breach.

In the past two years, a growing number of companies with a significant presence on the web have had to bolster their defences to make up for security gaps that were not considered a problem when the Internet was created.

But as online attacks escalate in severity and visibility, high-profile targets whose digital presences often span the globe have struggled to spot and repair every vulnerability.

The latest cyber-attack on the nation's second-largest newspaper highlighted two well-known problems: a reliance on user names and passwords that can be easily stolen; and reliance on an unsecure directory that's crucial to delivering the right content after a user enters a web address in an Internet browser.

Hackers, in the New York Times case, got their hands on a user name and password that allowed them to edit the directory information for the newspaper's web address. As a result of the edits, readers who typed in "nytimes.com" were directed to the hacker group's website before it was shut down. Readers saw an error message.

Though the newspaper re-edited the directory late Tuesday, several hours after the hack, readers continued to see error messages.

That's because it took just as long for the fix to start restoring the site as the amount of time it was down.

The master copy of the directory with the newspaper's information is held by a company based in Australia. Internet service providers such as Time Warner, Comcast and AT&;T use temporary copies of the directories to make websites load faster, because accessing the master copies, typically in far-flung data centres, takes time. Their copies took hours to be updated with the fix.

Computer security experts warned that as these attacks grow more common, Internet users should keep away from websites experiencing technical difficulties until an all-clear is issued. The New York Times, for example, said on Facebook and Twitter that users seeing error messages should visit http://news.nytco.com instead.

"If you see something busy or unavailable, close your browser and wait a bit," said H.D. Moore, chief research officer for cyber-security firm Rapid7. "Really, it should be a wake-up call that things are still fragile on the Internet."

Still, Moore said the response by the technology community to resolve Tuesday's issues offered a bit of relief.

You can comment on most stories on winnipegfreepress.com. You can also agree or disagree with other comments.
All you need to do is be a Winnipeg Free Press print or e-edition subscriber to join the conversation and give your feedback.